Two gateways, two subnets, one internet, subnet connectivity issue
-
My next project to tackle is to follow this tutorial on setting up OpenVPN with PIA: https://forum.pfsense.org/index.php?topic=76015.0
Do you foresee any issues integrating this with what's going on?
There are a couple things to consider if you are going to keep the current edge devices in place:
- As currently connected, since PFsense is double NAT'd behind your edge router (DDWRT), you would first need to forward the OpenVPN listening port over to PFsense. Plus it may be necessary to add a static route on DDWRT for the OpenVPN tunnel network.
- PFsense is only the gateway for LAN 2, so you'd only be able to route LAN 2's traffic thru the tunnel.
-
Yes, that is correct. I only want some of LAN2 traffic on OpenVPN.
If I can get it working on LAN2 with the pfSense Firewall and NAT disabled, then I wouldn't need to forward the listening port over from DDWRT to pfSense, correct?
I don't really have any additional questions right now as I haven't started to dig in to the project yet. I hope to get to it in a few hours. I think the first step would be to get pfSense configured properly with the NAT/FIREWALL disabled and then move forward from there or I feel like I'll be compounding inefficiencies.
-
If I can get it working on LAN2 with the pfSense Firewall and NAT disabled, then I wouldn't need to forward the listening port over from DDWRT to pfSense, correct?
You're right. I was thinking about server connections, but a connection to PIA would be a client connection. Long night :)
If you do ever end up configuring a remote access server, then you would need to forward the listening port though.
-
Thanks, I'll be back as I progress through this. I'm going to clean up the connections I have right now and then move on to the OpenVPN implementation.
-
I have the OpenVPN client set up on the router using this guide: https://www.privateinternetaccess.com/pages/client-support/pfsense
It worked great; however, I'm still at the point where it would be best to disable NAT/Firewall, and I'd like to only route specific IPs or an IP range through OpenVPN. If the pfSense box is set up as router only, would I be using static routes somehow, as the NAT/Firewall rules would no longer be functional in the "router only" state?
-
Looking more closely at everything, it almost seems like you HAVE to have NAT enabled on the pfsense machine in order to direct specific addresses through the VPN or not.